package io.jans.lock.service.consumer.policy.opa;

import com.unboundid.util.Base64;
import io.jans.lock.model.config.AppConfiguration;
import io.jans.lock.model.config.OpaConfiguration;
import io.jans.lock.service.external.ExternalLockService;
import io.jans.lock.service.external.context.ExternalLockContext;
import io.jans.service.EncryptionService;
import io.jans.service.cdi.qualifier.Implementation;
import io.jans.service.net.BaseHttpService;
import io.jans.service.policy.consumer.PolicyConsumer;
import io.jans.util.StringHelper;
import jakarta.annotation.PostConstruct;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Instance;
import jakarta.inject.Inject;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.slf4j.Logger;

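/**
 * Policy consumer that mirrors policy documents into an OPA-style REST endpoint.
 *
 * <p>Each policy is sent with an HTTP PUT to {@code <baseUrl>/policies/<id>} and removed with an
 * HTTP DELETE on the same path. The id is the SHA-256 digest of the policy text (UTF-8), rendered
 * as an unsigned decimal number. The ids that were pushed are tracked per source URI in
 * {@link #loadedPolicies}, keyed by the base64url-encoded source URI.
 *
 * <p>Security-relevant behaviour: the tracking map is what decides whether a policy is re-sent,
 * so it must only contain ids that the endpoint actually accepted. Otherwise the decision point
 * can silently run without a policy that this service believes is installed.
 */
@ApplicationScoped
@Implementation
/* loaded from: input_file:io/jans/lock/service/consumer/policy/opa/OpaPolicyConsumer.class */
public class OpaPolicyConsumer extends PolicyConsumer {
    public static String POLICY_CONSUMER_TYPE = "OPA";

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private ExternalLockService externalLockService;

    @Inject
    private BaseHttpService httpService;

    @Inject
    private Logger log;

    @Inject
    @Implementation
    private Instance<PolicyConsumer> policyConsumerProviderInstance;

    @Inject
    private EncryptionService encryptionService;

    // Shared digest instance; MessageDigest is stateful, so every use goes through computePolicyId().
    private MessageDigest sha256Digest;

    // base64url(source URI) -> ids of the policies that were accepted by the endpoint for that source.
    private Map<String, List<String>> loadedPolicies;

    /**
     * Creates the tracking map and the SHA-256 digest (Bouncy Castle provider "BC").
     *
     * <p>If the digest cannot be created the failure is logged and {@link #sha256Digest} stays
     * {@code null}; {@link #putPolicies(String, List)} then refuses to push policies.
     */
    @PostConstruct
    public void init() {
        this.loadedPolicies = new ConcurrentHashMap<>();
        try {
            this.sha256Digest = MessageDigest.getInstance("SHA-256", "BC");
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            // Both failures leave the consumer without a digest, so both must be visible in the log.
            this.log.error("Failed to prepare SHA256 digister", e);
        }
    }

    /**
     * Synchronises the policies of one source with the endpoint.
     *
     * <p>Policies whose id is already tracked are skipped, new ones are sent with PUT, and ids
     * that are tracked for the source but absent from {@code list} are removed with DELETE.
     *
     * @param str source URI the policies were loaded from
     * @param list policy documents currently published by that source
     * @return {@code true} if the external script cancelled the operation or every request
     *     returned status 200; {@code false} if any request failed or the digest is unavailable
     */
    public boolean putPolicies(String str, List<String> list) {
        this.log.debug("PutPolicies from {}, count {}", str, Integer.valueOf(list.size()));
        ExternalLockContext externalLockContext = new ExternalLockContext();
        this.externalLockService.beforePolicyPut(str, list, externalLockContext);
        if (externalLockContext.isCancelPdpOperation()) {
            this.log.debug("PutPolicies was canceled by script");
            return true;
        }
        if (this.sha256Digest == null) {
            // init() could not create the digest; report failure instead of failing with a NullPointerException.
            this.log.error("SHA-256 digest is not available, policies from '{}' were not sent", str);
            return false;
        }

        String sourceKey = Base64.urlEncode(str, false);
        List<String> loadedIds =
                this.loadedPolicies.computeIfAbsent(sourceKey, key -> new ArrayList<>(list.size()));

        boolean allSucceeded = true;
        // Starts as "everything tracked"; ids still present in the new list are struck off below.
        List<String> staleIds = new ArrayList<>(loadedIds);
        for (String policy : list) {
            String policyId = computePolicyId(policy);
            if (loadedIds.contains(policyId)) {
                staleIds.remove(policyId);
                this.log.debug("Policy with digiest '{}' is already downloaded", policyId);
                continue;
            }

            OpaConfiguration opaConfiguration = this.appConfiguration.getOpaConfiguration();
            HttpPut httpPut = new HttpPut(String.format("%s/policies/%s", opaConfiguration.getBaseUrl(), policyId));
            addAccessTokenHeader(httpPut, opaConfiguration);
            httpPut.setEntity(new StringEntity(policy, ContentType.TEXT_PLAIN));

            boolean stored = false;
            try {
                // NOTE(review): the response is discarded after the status line is read and its entity is
                // never consumed or closed here; confirm the HTTP client releases the connection.
                int statusCode = this.httpService.getHttpsClient().execute(httpPut).getStatusLine().getStatusCode();
                this.log.debug("Get OPA add policy for policyId '{}' response with status code '{}'", policyId, Integer.valueOf(statusCode));
                stored = statusCode == 200;
            } catch (IOException e) {
                this.log.error("Failed to add policy to OPA", e);
            }

            if (stored) {
                // Track the id only once the endpoint accepted it, so a failed push is retried
                // on the next synchronisation instead of being treated as "already downloaded".
                loadedIds.add(policyId);
            } else {
                allSucceeded = false;
            }
        }

        for (String staleId : staleIds) {
            allSucceeded &= sendRemovePolicyRequest(str, staleId);
            loadedIds.remove(staleId);
        }
        return allSucceeded;
    }

    /**
     * Removes every tracked policy of one source from the endpoint and forgets the source.
     *
     * @param str source URI whose policies should be removed
     * @return {@code true} if nothing was tracked for the source or every DELETE succeeded
     */
    public boolean removePolicies(String str) {
        this.log.debug("RemovePolicies from {}", str);
        // Take the entry out of the map: leaving it behind would make a later putPolicies() for the
        // same source skip policies that were just deleted from the endpoint.
        List<String> policyIds = this.loadedPolicies.remove(Base64.urlEncode(str, false));
        if (policyIds == null) {
            this.log.warn("There is no loadeed policies from sourceUri: '{}'", str);
            return true;
        }
        boolean allRemoved = true;
        for (String policyId : policyIds) {
            allRemoved &= sendRemovePolicyRequest(str, policyId);
        }
        return allRemoved;
    }

    /**
     * Removes all tracked policies of all sources from the endpoint and clears the tracking map.
     *
     * <p>The removal works on a snapshot taken before the map is cleared. The map keys are
     * base64url-encoded source URIs, so they are decoded before being handed to the external
     * script hook; calling {@link #removePolicies(String)} with the encoded key would look up a
     * key that does not exist and remove nothing.
     */
    public void destroy() {
        Map<String, List<String>> snapshot = new HashMap<>(this.loadedPolicies);
        this.loadedPolicies.clear();
        this.log.debug("Destory Policies");
        for (Map.Entry<String, List<String>> entry : snapshot.entrySet()) {
            String sourceUri = decodeSourceKey(entry.getKey());
            for (String policyId : entry.getValue()) {
                sendRemovePolicyRequest(sourceUri, policyId);
            }
        }
    }

    /**
     * Sends one DELETE request for a policy id, unless the external script cancels it.
     *
     * @param str source URI passed to the external script hook
     * @param str2 policy id; it is placed into the request path as-is
     * @return {@code true} if the script cancelled the operation or the endpoint answered 200;
     *     {@code false} on any other status or on an I/O failure
     */
    public boolean sendRemovePolicyRequest(String str, String str2) {
        this.log.debug("Remove policy '{}'", str2);
        ExternalLockContext externalLockContext = new ExternalLockContext();
        this.externalLockService.beforePolicyRemoval(str, externalLockContext);
        if (externalLockContext.isCancelPdpOperation()) {
            this.log.debug("RemovePolicies was canceled by script");
            return true;
        }
        OpaConfiguration opaConfiguration = this.appConfiguration.getOpaConfiguration();
        HttpDelete httpDelete = new HttpDelete(String.format("%s/policies/%s", opaConfiguration.getBaseUrl(), str2));
        addAccessTokenHeader(httpDelete, opaConfiguration);
        try {
            // NOTE(review): as in putPolicies(), the response entity is not consumed or closed here.
            int statusCode = this.httpService.getHttpsClient().execute(httpDelete).getStatusLine().getStatusCode();
            this.log.debug("Get OPA remove policy for policyId '{}' response with status code '{}'", str2, Integer.valueOf(statusCode));
            return statusCode == 200;
        } catch (IOException e) {
            this.log.error("Failed to remove policy from OPA", e);
            // A request that never completed must not be reported as a successful removal.
            return false;
        }
    }

    /**
     * Adds an {@code Authorization: Bearer} header when a non-empty access token is configured.
     *
     * <p>NOTE(review): the decrypted token is attached whatever the scheme of the configured base
     * URL is; confirm the base URL is always {@code https} so the token is not sent in clear text.
     */
    private void addAccessTokenHeader(HttpRequestBase httpRequestBase, OpaConfiguration opaConfiguration) {
        String accessToken = this.encryptionService.decrypt(opaConfiguration.getAccessToken(), true);
        if (StringHelper.isNotEmpty(accessToken)) {
            httpRequestBase.setHeader("Authorization", "Bearer " + accessToken);
        }
    }

    /** Returns the policy id: SHA-256 of the UTF-8 policy text as an unsigned decimal string. */
    private String computePolicyId(String policy) {
        byte[] hash;
        // The digest instance is shared by this application-scoped bean and is not safe for
        // concurrent use; an interleaved digest would yield a wrong policy id.
        synchronized (this.sha256Digest) {
            hash = this.sha256Digest.digest(policy.getBytes(StandardCharsets.UTF_8));
        }
        return new BigInteger(1, hash).toString();
    }

    /** Turns a tracking-map key back into the source URI; falls back to the key if it cannot be decoded. */
    private String decodeSourceKey(String sourceKey) {
        try {
            return Base64.urlDecodeToString(sourceKey);
        } catch (java.text.ParseException e) {
            this.log.warn("Failed to decode source key '{}'", sourceKey, e);
            return sourceKey;
        }
    }

    /** Returns the consumer type identifier, {@link #POLICY_CONSUMER_TYPE}. */
    public String getPolicyConsumerType() {
        return POLICY_CONSUMER_TYPE;
    }
}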
